That's deeply worrying. How can FM employ someone with so little clue?

And "Communication Manager"? Is that a sign that FM is now more worried about its public /image/ than being known & respected for its solid technical foundation?

It seems to be their only concern. They have made it clear they don't believe it is wrong to give out our email addreses. I have heard nothing since Saturday when I was told they would have a meeting on Monday (yesterday).
It is now Tuesday evening over there.....

It seems to be their only concern. They have made it clear they don't believe it is wrong to give out our email addreses. I have heard nothing since Saturday when I was told they would have a meeting on Monday (yesterday).
It is now Tuesday evening over there.....

Yep, we had the meeting. The result is that we won't be using the "willing to receive newsletters" checkbox as a way to select people to send questionnaires in future.

We will still use third parties as appropriate for our needs.

This thread made some suggestions for other ways we could have approached this, which are fine. They would have all involved some additional work which wasn't considered warranted by the people making the decisions. Based on your feedback, we will take a different approach next time.

You appear to have a solution (renaming the account) which works fine to resolve the issue, and I'm also happy to provide you a full refund if you're not satisfied with that resolution.

Also:

Quote:

That you think it ok to publicly discuss in front of the entire internet the results of 'monitoring' a private account makes me feel even more violated.

Da fuq? I suggested monitoring the old username after you had renamed to see if it was being abused. That's a name on fastmail.com - a namespace owned by us - that would no longer be used at that point.

It seems to be their only concern. They have made it clear they don't believe it is wrong to give out our email addreses. I have heard nothing since Saturday when I was told they would have a meeting on Monday (yesterday).
It is now Tuesday evening over there.....

I should follow up on the "heard nothing" - it's actually kind of tricky to see the results of the rename. Since you hadn't kept the alias - our resolve tools don't show the rename.

You didn't use it this time
I never ticked the willing to receive newsletters checkbox.

I expect the answer here is "it was the default setting for the account owner", which is a tricky one - because we do need a way to communicate service changes to people, so I can understand it being default. Reviewing that setting and splitting it into some communication levels that can have the default not allow surveys while still allowing us to send things like "we no long allow your primary password to be used for IMAP connections" when we finally turn off mail.messagingengine.com.

I expect the answer here is "it was the default setting for the account owner", which is a tricky one - because we do need a way to communicate service changes to people, so I can understand it being default. Reviewing that setting and splitting it into some communication levels that can have the default not allow surveys while still allowing us to send things like "we no long allow your primary password to be used for IMAP connections" when we finally turn off mail.messagingengine.com.

Again, I apologise for that oversight. I can't change the past.

Regards,

Bron.

I'm may be misunderstanding your meaning here. But if you are suggesting I had the box set to receive newsletters ticked because that was the default account setting. That isn't the case I 100% had the box unchecked. First thing I do in any new account for anything online is go to settings & run through everything to ensure I'm not signed up for newsletters, etc
On my life that box was & is unchecked.

Just to provide more details for those reading this, our (FastMail) marketing team contacted a random sample of a few of our recent signups with a set of survey questions designed to understand why people choose FastMail, or choose not to remain at the end of their trial.

The survey company (SurveyGizmo) is only permitted to use that list of addresses for the explicit purpose of sending the survey we designed, and collecting the results of said survey.

SurveyGizmo have a privacy policy which allows you to see exactly what data they have on you, and allows you to request that all that data is wiped. We immediately requested that SurveyGizmo remove all data for the user ("ferrety" here) upon receipt of a request from that user.

The reason we chose to use a third party rather than building a survey tool inhouse was entirely around skill and time - it would have taken us inordinately long to build the tooling ourselves as opposed to paying experts to do it. We chose SurveyGizmo because they have a good privacy history, and provide tooling to allow non-programmers to extract useful data from the surveys.

In response to the complaint we received today, we are reviewing how we choose users to survey, and plan to require an opt-in of some sort.

The head of our communications team has been in direct contact with the user about this issue, and I expect further communications will continue there rather than on this public forum.

The issue has now been escalated directly to me, and I have replied outlining both the steps we have taken, my apology on behalf of the entire company, and what we can do in future to monitor the address and see if the exposure to a known third party has resulted in it being used by spammers.

I am quite happy to have all our interactions published.

My apologies for the delay in posting that initial response here. When I became aware of the issue, I was on a standing-room-only train at the time traveling to my father-in-law's house for family dinner.

Given that there was no timely element involved:

* the exposed data was an email address
* the related threat is receiving spam messages to the primary account name
* the mitigation is renaming the account, which can happen at any time and stop the flow of spam
* there was no evidence that there was an immediate flood of spam to the account, so delaying that rename by some hours made no difference

.. and since I've been overseas for the last month and this family dinner was the first one in a while, I politely waited until after dinner to sit down at my laptop and give this issue my full attention.

If my assessment of the urgency was incorrect, I apologise for that as well.

Regards,

Bron.

Urgency assessment correct.
Initial decision to give this info out wrong.
We use FM precisely to not have gmail etc harvest our info, now you are doing it.

It sounds like the OP is ready to move on and should if he can't trust FM, but I suspect he will have a very hard time finding another provider that meets his requirements. A bit OT, but if privacy and security are so paramount I would think a provider like Protonmail might be more appropriate. But, I think the basic question to ask yourself is how much security do you gain by an obscure email login address that nobody knows? I suppose it could be as complicated as a password, but then it would be very hard to type in every time you are logging in. I suppose it adds a tiny bit more security than just using a strong password and 2FA. But lets say you lose it via some keylogger. Now you are dependant on that strong password and 2FA. The password might be breached by the keylogger too. Then it is down to the 2FA, and the nature of the login email will be irrelevant. My point being that nothing is totally foolproof.

I've had complaints about Fastmail in the past, and I'm under no illusions about the nature of the company, but... for pity's sake, Mr Ferretty!
Bron has admitted that they made a mistake, he's apologised profusely and repeatedly, he's said they've learned from the mistake and it won't happen again, and he's outlined an entirely satisfactory solution (change your username) which means their mistake will yield no conceivable long-term harm to you.
He's even offered a refund, although I don't see why he should.
You've now milked this for all it's worth, and more.
Time to stop acting the drama queen.

I've had complaints about Fastmail in the past, and I'm under no illusions about the nature of the company, but... for pity's sake, Mr Ferretty!
Bron has admitted that they made a mistake, he's apologised profusely and repeatedly, he's said they've learned from the mistake and it won't happen again, and he's outlined an entirely satisfactory solution (change your username) which means their mistake will yield no conceivable long-term harm to you.
He's even offered a refund, although I don't see why he should.
You've now milked this for all it's worth, and more.
Time to stop acting the drama queen.

He hasn't said it won't happen again. He has said they reserve the right to give out email addresses to third party companies in the future.

I think this issue was exhausted by now. Let's go on with our lives... Unless something new or important is added, I will consider locking this thread.

Since I think this is a larger, conceptual issue that's not limited to @ferrety's personal grievances, I don't think it has been exhausted. You're the mod, of course, but I think locking now would be premature.

Quote:

Originally Posted by Grhm

I've had complaints about Fastmail in the past, and I'm under no illusions about the nature of the company, but... for pity's sake, Mr Ferretty!
Bron has admitted that they made a mistake, he's apologised profusely and repeatedly, he's said they've learned from the mistake and it won't happen again, and he's outlined an entirely satisfactory solution (change your username) which means their mistake will yield no conceivable long-term harm to you.
He's even offered a refund, although I don't see why he should.
You've now milked this for all it's worth, and more.
Time to stop acting the drama queen.

I for one appreciate the fact that @ferrety has brought all of this to our attention. I see no "milking" here (so far). As far as I can tell (even upon rereading the posts), you're incorrect about Bron admitting they made a mistake, at least on the point that people's addresses were given to a third party without asking for consent.

Quote:

Originally Posted by brong

Yep, we had the meeting. The result is that we won't be using the "willing to receive newsletters" checkbox as a way to select people to send questionnaires in future.

I didn't realize the main issue here revolved around whether it was OK send a questionnaire to people willing to receive newsletters...

Quote:

We will still use third parties as appropriate for our needs.

No one has suggested you shouldn't use third parties. For example, I don't think anyone here has objections to you using a hosting provider to run your servers. Giving out people's addresses (especially to a data collection company), however, tends to fall outside what many people consider "appropriate" without you asking their permission first. It's simply not something people would know to reasonably expect.

Quote:

This thread made some suggestions for other ways we could have approached this, which are fine. They would have all involved some additional work which wasn't considered warranted by the people making the decisions. Based on your feedback, we will take a different approach next time.

They almost certainly wouldn't have been anywhere as complex or resource intensive to implement as "building a survey tool inhouse", which you previously suggested was the alternative.

It's difficult to assess the merits of an equivocative "different approach", since it remains unclear whether or not you in fact believe that giving out your customers' addresses without their consent is something you have every right to do. If that's the case, a future rehash of all this seems highly likely. (Except that the EU's GDPR will be in effect by then, and you may or may not get by with just forum discussions. I think we all know there are some rather persistent folks around here.)

To the consent extremists here - if you're a FastMail customer - have you gained consent from every one of your correspondents to share their details with FastMail?

They could know you use FastMail by resolving the MX servers, and confirming that their emails are going to FastMail. Do you believe you have the right to leave FastMail and take your email to a different email provider without confirming explicit consent from every person who's emailed you?

Because that's what we're talking about here. Is FastMail allowed to use a third party to send email on our behalf, having assessed that third party's privacy policy and confirmed that it's compatible with the privacy guarantees we offer to our customers. I absolutely MUST reserve the right to do that in the future, because the alternative would be placing unreasonable constraints on our ability to do our jobs by using third party tools if that's the best choice at the time.

What I have promised is that we will document which third parties we're using and inform customers in advance about which data is processed by those third parties. An example of a fairly recently added third party is that we're using a company called Sentry (sentry.io) to process and monitor error reports, allowing our dev team to more easily see clusters of errors and collaborate over fixes. Sometimes crash traces include usernames and other personal data, so we rely on their privacy policy about how they act as a data processor on our behalf.

The only alternative would be to become experts in everything and build everything in-house. Over time, that has become less and less tenable as we found we were spending a lot more maintaining our own half-baked tooling than it would cost to use a solution run by experts in that space. This is exactly the same way our customers use FastMail rather than running their own mail server and writing their own webmail system.

In my case Iīm VERY disappointed with this decision from Fastmail, I thought our emails were private and not shared with third parties ever. At least, asking for our permission would be "nice".
If thatīs how Fastmail acts or will act then I must think if I should renew when my current subscription ends.